The present disclosure relates to computer systems, and more specifically, to systems and computer-implemented methods for role engineering.
Role-Based Access Control (RBAC) is an access control model widely used to administer access permissions in large organizations. Generally, within an organization, different “roles” are created for different job functions. Each “role” is associated with a set of permissions that allow a person assigned to the role to perform those job functions. By way of example, a sales associate in a given organization may be assigned to a “sales” role that allows its holder to perform sales functions and access sales-related data. Similarly, a software engineer and a project manager in the same organization may be assigned to an “engineer” role and a “project manager” role, respectively. A department manager in charge of the people in these roles may be assigned to an “administrative” role that allows him/her to perform administrative functions, as well as to multiple other roles as needed or desired.
Because RBAC ties access permissions to roles rather than to individuals, the management of individual user rights is greatly simplified. In particular, such management becomes an exercise in ensuring that every user is assigned to the appropriate role(s). However, the most expensive phase of an RBAC implementation is the “role engineering” phase. This phase typically includes the identification and maintenance of the roles.
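The following is an added illustration, not part of the disclosure: it models the role-to-permission and user-to-role mappings described above (role names from the text, permission strings and user names constructed), shows that an access decision is made against roles rather than individuals, and includes a minimal bottom-up role-identification step that groups users with identical existing permission sets into candidate roles, which is one basic form of the role engineering work the text refers to.

```python
from collections import defaultdict
from typing import Dict, FrozenSet, Set

# Constructed data: the roles named in the text, each bound to a permission set.
ROLE_PERMISSIONS: Dict[str, FrozenSet[str]] = {
    "sales": frozenset({"crm:read", "crm:write", "quote:create"}),
    "engineer": frozenset({"repo:read", "repo:write", "ci:run"}),
    "project_manager": frozenset({"repo:read", "tracker:write", "report:read"}),
    "administrative": frozenset({"user:manage", "report:read", "budget:approve"}),
}

# Constructed user-to-role assignments; the department manager holds two roles.
USER_ROLES: Dict[str, Set[str]] = {
    "alice": {"sales"},
    "bob": {"engineer"},
    "carol": {"project_manager"},
    "dana": {"administrative", "project_manager"},
}


def effective_permissions(user: str) -> FrozenSet[str]:
    """Union of the permissions of every role the user is assigned to."""
    perms: Set[str] = set()
    for role in USER_ROLES.get(user, set()):
        perms |= ROLE_PERMISSIONS[role]
    return frozenset(perms)


def is_authorized(user: str, permission: str) -> bool:
    """The decision depends only on the user's roles, never on the individual."""
    return permission in effective_permissions(user)


def mine_candidate_roles(user_perms: Dict[str, Set[str]]) -> Dict[FrozenSet[str], Set[str]]:
    """Role identification helper: users whose directly granted permission sets are
    identical are grouped together; each distinct set becomes a candidate role."""
    candidates: Dict[FrozenSet[str], Set[str]] = defaultdict(set)
    for user, perms in user_perms.items():
        candidates[frozenset(perms)].add(user)
    return dict(candidates)


# Constructed legacy per-user grants, as found before an RBAC rollout.
LEGACY_GRANTS: Dict[str, Set[str]] = {
    "u1": {"crm:read", "crm:write"},
    "u2": {"crm:read", "crm:write"},
    "u3": {"repo:read", "ci:run"},
}

if __name__ == "__main__":
    print(is_authorized("dana", "user:manage"), is_authorized("bob", "crm:read"))
    print(mine_candidate_roles(LEGACY_GRANTS))
```

Users u1 and u2 share one permission set and surface as a single candidate role; u3 forms another, and the candidate list is then the starting point for naming and maintaining roles.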